BIND9 Instructions Update

This commit is contained in:
Pinga 2024-01-11 02:46:07 +02:00
parent 7265757458
commit 0827852445
2 changed files with 23 additions and 18 deletions

@ -140,14 +140,14 @@ Coroutine::create(function () use ($pool, $log, $c) {
$completed_zone = $builder->build($zone); $completed_zone = $builder->build($zone);
if ($c['dns_server'] == 'bind') { if ($c['dns_server'] == 'bind') {
$basePath = '/etc/bind/zones'; $basePath = '/var/lib/bind';
} elseif ($c['dns_server'] == 'nsd') { } elseif ($c['dns_server'] == 'nsd') {
$basePath = '/etc/nsd'; $basePath = '/etc/nsd';
} elseif ($c['dns_server'] == 'knot') { } elseif ($c['dns_server'] == 'knot') {
$basePath = '/etc/knot'; $basePath = '/etc/knot';
} else { } else {
// Default path // Default path
$basePath = '/etc/bind/zones'; $basePath = '/var/lib/bind';
} }
file_put_contents("{$basePath}/{$cleanedTld}.zone", $completed_zone); file_put_contents("{$basePath}/{$cleanedTld}.zone", $completed_zone);
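Review bot: the `else` fallback now sends any unrecognised `dns_server` value (a typo such as `bind9`, or an unset key) to BIND's `/var/lib/bind` instead of failing, so a misconfiguration silently writes the zone into the BIND directory; consider emitting a warning through `$log` (in scope from the `use ($pool, $log, $c)` clause) or rejecting the value. Related: the return value of `file_put_contents("{$basePath}/{$cleanedTld}.zone", $completed_zone)` is never checked, so if `/var/lib/bind` is not writable by the account running this coroutine the write fails silently and the on-disk zone goes stale; wrapping the call in `if (file_put_contents(...) === false) { /* log and skip */ }` would surface that (the exact logger method is whatever `$log` provides).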

@ -560,13 +560,6 @@ Although Namingo is equipped with BIND by default for this purpose, you can opt
apt install bind9 bind9-utils bind9-doc apt install bind9 bind9-utils bind9-doc
``` ```
### Create Zone Directory:
```bash
mkdir /etc/bind/zones
mkdir /etc/bind/keys
```
### Generate a TSIG key: ### Generate a TSIG key:
Generate a TSIG key which will be used to authenticate DNS updates between the master and slave servers. **Note: replace ```test``` with your TLD.** Generate a TSIG key which will be used to authenticate DNS updates between the master and slave servers. **Note: replace ```test``` with your TLD.**
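Review bot: the removed "Create Zone Directory" step (`mkdir /etc/bind/zones` and `mkdir /etc/bind/keys`) has no counterpart for the new location: nothing in this hunk creates `/var/lib/bind` or states that the `bind9` package is expected to provide it, yet later steps write zone files and keys there. Add a sentence saying the directory should exist after `apt install bind9` and must be writable by the account that runs `write-zone.php`, or restore an explicit mkdir/chown step for the new path.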
@ -595,14 +588,30 @@ Edit the named.conf.local file:
nano /etc/bind/named.conf.local nano /etc/bind/named.conf.local
``` ```
Add the following DNSSEC policy:
```bash
dnssec-policy "namingo-policy" {
keys {
ksk lifetime P3M algorithm ed25519;
zsk lifetime P1M algorithm ed25519;
};
max-zone-ttl 86400;
dnskey-ttl 3600;
zone-propagation-delay 3600;
parent-propagation-delay 7200;
parent-ds-ttl 86400;
};
```
Add the following zone definition: Add the following zone definition:
```bash ```bash
zone "test." { zone "test." {
type master; type master;
file "/etc/bind/zones/test.zone"; file "/var/lib/bind/test.zone";
auto-dnssec maintain; dnssec-policy "namingo-policy";
key-directory "/etc/bind/keys"; key-directory "/var/lib/bind";
inline-signing yes; inline-signing yes;
allow-transfer { key "test.key"; }; allow-transfer { key "test.key"; };
also-notify { <slave-server-IP>; }; also-notify { <slave-server-IP>; };
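Review bot: `key-directory "/var/lib/bind";` now points at the same directory as `file "/var/lib/bind/test.zone";`, so the process that writes the zone file (the `write-zone.php` automation) needs write access to the directory holding the private signing keys; a separate subdirectory for keys (for example `/var/lib/bind/keys`, a suggested path not in this patch) keeps zone writes and key material under different ownership. Minor: the new `dnssec-policy "namingo-policy" { ... };` block is named.conf syntax but is fenced as ```bash, same as the zone block; a plain fence or a `conf` tag would avoid readers pasting it into a shell.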
@ -623,21 +632,17 @@ After generating the keys, place them in the specified key-directory.
Use rndc to tell BIND to load and use the new keys: Use rndc to tell BIND to load and use the new keys:
```bash ```bash
chown bind:bind /etc/bind/keys/*
chmod 640 /etc/bind/keys/*
chown -R bind:bind /etc/bind/zones
chmod 640 /etc/bind/zones/*
systemctl restart bind9 systemctl restart bind9
rndc loadkeys test. rndc loadkeys test.
``` ```
Configure and start the ```write-zone.php``` automation script. Configure the ```write-zone.php``` file and activate it in the automation script.
### Check BIND9 Configuration: ### Check BIND9 Configuration:
```bash ```bash
named-checkconf named-checkconf
named-checkzone test /etc/bind/zones/test.zone named-checkzone test /var/lib/bind/test.zone
``` ```
### Restart BIND9 Service: ### Restart BIND9 Service:
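Review bot: the context still tells the reader to generate keys by hand, "place them in the specified key-directory" and run `rndc loadkeys test.`, but the zone is now configured with `dnssec-policy "namingo-policy"`, under which BIND creates and rolls the KSK and ZSK itself with the policy's algorithm (`ed25519`); pre-generated keys that do not match the policy are not used, so either drop the manual key-generation step or state that it is optional and that any supplied keys must match the policy. Separately, removing the `chown`/`chmod` lines leaves ownership in `/var/lib/bind` unaddressed: zone files written by `write-zone.php` must be readable by the `bind` user and any key files there must be readable only by it, so at least a `chown bind:bind` step for key files belongs in the docs.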